
[20170903/ Yet another one. Since I rarely (read: never) use Skype to call, I couldn’t spot it immediately, but all calls were actually dropped after 10 seconds. To fix it, you’ll need to open 3478/udp from your LAN to the outside world. More details are here. Confirmed to work with 7.39.32.102./20170903]

[20170512/ Another update. It actually turned out that the latest Skype (confirmed with 7.36.0.101) does support Socks; however, there is an issue with the length of the password used to authenticate to the Socks instance. Anything longer than 5 (five) characters fails. I don’t know whether it’s done deliberately, or there is some bug that’s never going to be fixed, but anyway, the workaround is either to use some generic account with a password of five characters or fewer, or to disable Socks authentication altogether./20170512]

[20170312/ Somewhere around the first week of March 2017 (or the end of February), Skype started dropping connections from versions 7.1.32.xx and below. When you try to log in, you’ll be presented with a message about an outdated version. I’m not aware of any versions after 7.1.32 that support Socks. Despite numerous bugs being opened, Socks functionality was never fixed, therefore the content of this article is no longer valid, and you won’t be able to use Skype with Socks. The configuration option is still there, but no connection attempts to the Socks server are made. Perhaps this is how they promote the usage of Skype Business Server./20170312]

Today we’re going to configure Dante running on FreeBSD 10.0-STABLE to allow Skype connectivity based on username/password stored in Active Directory. The version of Dante being used is 1.4.1 installed from ports and Active Directory is handled by Windows Server 2008 R2.

Note: at the time of writing, the version of Dante available in the FreeBSD ports collection is 1.4.0, and it’s marked as BROKEN because of bug 192295. Use this patch to install 1.4.1.

Install the required software:

    % cd /usr/ports/security/pam_ldap && make install clean
    % cd /usr/ports/net/dante && make install clean

Create the /usr/local/etc/pam.d/sockd file:

    auth required /usr/local/lib/pam_ldap.so
    account required /usr/local/lib/pam_ldap.so
    password required /usr/local/lib/pam_ldap.so

Create the /usr/local/etc/ldap.conf file and restrict its permissions, since it contains the bind password:

    host 10.9.128.1
    base OU=Users,DC=int,DC=domain,DC=org
    ldap_version 3
    binddn CN=socksd,OU=Users,DC=int,DC=domain,DC=org
    bindpw xxxxxxx
    pam_filter objectclass=user
    pam_login_attribute samaccountname

    % chmod 600 /usr/local/etc/ldap.conf

Adjust host, base, binddn and bindpw to reflect your environment.

Modify the /usr/local/etc/sockd.conf file:

    logoutput: stdout /var/log/dante.log
    internal: 10.9.36.10 port = 1080
    external: 10.9.36.10
    socksmethod: pam.username none
    user.privileged: root
    user.unprivileged: nobody
    user.libwrap: nobody

    client pass {
        from: 10.9.128.0/24 port 1024-65535 to: 0.0.0.0/0
        log: error connect disconnect
    }

    socks pass {
        from: 10.9.128.0/24 to: 0.0.0.0/0
        command: connect udpassociate
        socksmethod: pam.username
        log: error connect disconnect iooperation
    }

    socks pass {
        from: 0.0.0.0/0 to: 10.9.128.0/24
        command: udpreply
        log: connect error
    }

Modify /etc/rc.conf to start Dante at boot:

    # enable dante
    sockd_enable="YES"
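To tell a client-side problem (such as the password-length issue in the 20170512 update) apart from a Dante, PAM or LDAP misconfiguration, the authentication exchange behind the `pam.username` rule can be exercised without Skype. The Python below is an added example, not part of the original post or of Dante; it speaks the SOCKS5 method negotiation (RFC 1928) and username/password sub-negotiation (RFC 1929), assumes Dante carries `pam.username` as the standard username/password method on the wire, and takes host, port and credentials as placeholders for your own.

```python
import socket

NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF

def greeting(methods=(NO_AUTH, USERPASS)):
    """RFC 1928 method selection: VER=5, NMETHODS, METHODS."""
    return bytes([0x05, len(methods), *methods])

def auth_request(user, password):
    """RFC 1929 sub-negotiation: VER=1, ULEN, UNAME, PLEN, PASSWD."""
    u, p = user.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must be 1..255 bytes")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p

def recv_exact(sock, n):
    """Read exactly n bytes or fail if the proxy hangs up early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def probe(sock, user, password, methods=(NO_AUTH, USERPASS)):
    """Return (method the server selected, auth result or None)."""
    sock.sendall(greeting(methods))
    ver, method = recv_exact(sock, 2)
    if ver != 0x05:
        raise ValueError("peer is not a SOCKS5 server")
    if method != USERPASS:
        # 0x00: server accepted the session without credentials;
        # 0xFF: server rejected every method that was offered.
        return method, None
    sock.sendall(auth_request(user, password))
    ver, status = recv_exact(sock, 2)
    return method, status == 0x00   # RFC 1929: zero status means success

if __name__ == "__main__":
    import sys
    # Usage: probe.py HOST PORT USER PASSWORD (all values are your own)
    host, port, user, password = sys.argv[1:5]
    with socket.create_connection((host, int(port)), timeout=5) as s:
        print(probe(s, user, password))
```

A result of `(2, True)` with a password longer than five characters shows that Dante and pam_ldap accept it, which points the failure at the client. A selected method of `0` means the server was willing to negotiate the session without credentials.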

Configure Skype to use Socks with proxy authentication and check the logs of Dante: